Communications of the ACM

Contributed articles

GDPR Anti-Patterns

By Supreeth Shastri, Melissa Wasserman, Vijay Chidambaram
Communications of the ACM, February 2021, Vol. 64 No. 2, Pages 59-65
10.1145/3378061
Comments

The General Data Protection Regulation (GDPR)²⁶ is a European privacy law introduced to offer new rights and protections to people concerning their personal data. While at-scale monetization of personal data has existed since the dot-com era, a systemic disregard for privacy and protection of personal data is a recent phenomenon. For example, in 2017, we learned about Equifax's negligence¹⁷ in following the security protocols, which exposed the financial records of 145 million people; Yahoo!'s delayed confession²¹ that three years ago, a theft had exposed all three billion of its user records; Facebook's admission³³ that their APIs allowed illegal harvesting of user data, which in turn influenced the U.S. and U.K. democratic processes.

Thus, GDPR was enacted to prevent a widespread and systemic abuse of personal data. At its core, GDPR declares the privacy and protection of personal data as a fundamental right. Accordingly, it grants new rights to people, and assigns companies that collect their personal data, new responsibilities. Any company dealing with the personal data of European people is legally bound to comply with all the regulations of GDPR, or risk facing hefty financial penalties. For example, in January 2019, Google was fined⁶ €50M for lacking a customer's consent in personalizing advertisements across their different services.

---

No entries found

Log in to Read the Full Article